← Home

Privacy Policy

Last updated: 2026-05-05.

This privacy policy explains which personal data the Anyvoc mobile app and the associated websites at anyvoc.eu process, for what purpose, and on what legal basis.

1. Controller

The controller in the sense of Art. 4 (7) GDPR is the operator of Anyvoc. Full name and postal address are listed in the imprint.

Email: feedback@anyvoc.eu

2. Website hosting and server logs (anyvoc.eu)

The website anyvoc.eu is hosted on GitHub Pages, a service of GitHub, Inc., 88 Colin P. Kelly Jr. Street, San Francisco, CA 94107, USA. When you visit the site, GitHub processes the technical access data required to deliver the page (IP address, timestamp, requested URL, HTTP status, user agent, referrer). These request data are processed in standard web-server log files on GitHub's infrastructure.

Purpose: Delivery of the page, security (abuse / DDoS protection), basic operational integrity. We ourselves do not access these logs and do not link them to any user account.

Legal basis: Art. 6 (1) (f) GDPR — legitimate interest in operating a publicly available website.

Third-country transfer: GitHub is a US company; processing may occur in the USA. The transfer is based on the EU-US Data Privacy Framework (GitHub is certified) and the Standard Contractual Clauses according to Art. 46 (2) (c) GDPR. Details: GitHub Privacy Statement.

Retention: Server-side log retention is governed by GitHub's policy and is not under our control. We do not download, store, or analyse these logs ourselves.

The website itself is purely static and contains no analytics, no tracking pixels, no advertising networks, and no third-party embeds. Web fonts (Inter) are self-hosted on the same domain and are not loaded from a third party.

3. Principle: your data stays on your device

Anyvoc stores all vocabulary, content, learning progress, and settings locally on your device in a SQLite database. There is no cloud sync, no server-side account for your vocabulary data, and no analysis of your learning content on our side.

The only external connections the app makes are:

An optional sign-in backend (Supabase), see section 5.
An LLM backend for vocabulary extraction and translation, see section 6.

If you use the app in guest mode and don't submit any content for vocabulary extraction, no personal data is transferred to external services.

4. Local storage on your device

The following categories are stored exclusively in the app's local SQLite database:

Vocabulary, translations, CEFR levels, example contexts
Content (texts, links, OCR results from images)
Leitner progress, review days, quiz results
Settings (native / learning language, CEFR minimum, quiz mode)
Pro status flag (local, until in-app purchase activation)
Anonymous counter for guest-login budget (guest_login_remaining)

This data does not leave your device. It is deleted when you:

uninstall the app, or
(when signed in) choose "Delete Account" in the app settings — this irrevocably removes the local data on your device and the server-side authentication data at Supabase.

Legal basis: Art. 6 (1) (b) GDPR (performance of contract — the app cannot fulfil its function without local storage).

5. Authentication via Supabase (optional)

Anyvoc can be used without sign-in, in guest mode. Users sign in for one of these reasons:

To unlock Pro features (in the future, once in-app purchase is active).
The guest-login budget is exhausted (3 guest sessions per device).

The following data is sent to Supabase during sign-in:

For email OTP: your email address + 6-digit verification code.
For "Sign in with Apple" (iOS): the Apple-issued identity token. Apple may generate a pseudonymous email (@privaterelay.appleid.com); we only see this.
For "Sign in with Google" (Android): the Google identity token with email address and Google user ID.

Supabase stores for your account:

A unique user ID (UUID)
Your email address (or Apple pseudonym email)
Creation and last sign-in dates
Refresh / access tokens for session management

Tokens are stored encrypted on your device via expo-secure-store (iOS Keychain, Android Keystore).

Processor: Supabase Inc., hosted in the EU Frankfurt region (eu-central-1, AWS Frankfurt). A data processing agreement under Art. 28 GDPR is in place; data transfer takes place exclusively within the EU.

Legal basis: Art. 6 (1) (b) GDPR (performance of contract — no Pro purchase without an account; in pure guest mode this processing does not occur at all).

Deletion: You can delete your account at any time in the app under Settings → Delete Account. All account data at Supabase is then irrevocably deleted. Local vocabulary data is removed from the device in the same step. If you cannot reach the in-app flow, you can also request account deletion via the web.

6. LLM backend for vocabulary extraction (anyvoc-backend.fly.dev)

When you submit content (text, image OCR, web link) to the app for vocabulary extraction or translation, the app sends the relevant text content to our backend proxy anyvoc-backend.fly.dev. The proxy forwards the request to an LLM provider.

What data: The text of the content to be analysed (e.g. a Wikipedia excerpt, an OCR result, one of your own notes). If this text contains personal data, that data is transferred along with it — therefore, do not submit sensitive or third-party personal data to the app that is not intended for LLM analysis.

What we log: Per request, our backend writes a structured log entry with the fields at, tier, model, provider. No content data, no IP address, no user ID, no headers. These logs serve solely error- and cost-analysis and are not stored in a way that could be linked to your account or device.

Backend hosting processor: Fly.io, Inc., USA. The application server runs in the "cdg" region (Paris, France, EU). At the host's infrastructure level, technical logs (IP addresses, timestamps, HTTP statuses) are produced as is normal for any web host. These are deleted automatically per the host's retention policy and are not analysed by us. Fly.io is bound to GDPR-conformant Standard Contractual Clauses.

LLM provider processor:

Mistral AI, Paris, France (EU). Mistral (currently mistral-small-latest) processes the submitted content to generate the AI response and acknowledges retaining requests for a limited period for abuse detection (see Mistral's privacy policy at mistral.ai). Mistral, per its API terms, does not use the data for model training.

This privacy policy will be updated should the routing configuration change to add or replace the LLM provider.

Legal basis: Art. 6 (1) (b) GDPR (performance of contract — no LLM call, no vocabulary extraction). If you do not want LLM processing, avoid the "Add content" function and use only manual vocabulary entry.

7. On-device OCR

Images you hand to the app via the photo library or camera are processed on-device with Google ML Kit Text Recognition (@infinitered/react-native-mlkit-text-recognition). This applies to both iOS and Android: the library binds the native Google ML Kit SDK on each platform (GoogleMLKit/TextRecognition pod on iOS, com.google.mlkit:text-recognition on Android). No image content and no extracted text is sent to Google for the OCR itself.

Only the extracted text is, if you choose vocabulary extraction, forwarded to our own LLM backend proxy (see section 6) — never to Google.

SDK-level telemetry: The Google ML Kit SDK may transmit anonymous diagnostic and quality signals to Google (e.g. SDK version, success / failure rates, model performance statistics). These signals contain no image content, no extracted text, and are not linked to any user identifier we hold. The processing is governed by the Google ML Kit Terms of Service and Google's privacy documentation. Processor: Google LLC, Mountain View, USA; transfer based on the EU-US Data Privacy Framework and Standard Contractual Clauses.

8. Permissions the app requests

Permission	Purpose
Internet	Backend requests to anyvoc-backend.fly.dev and Supabase
Camera	Optional, to photograph vocabulary source texts (OCR)
Photo library (iOS)	Optional, to pick text-bearing images from the gallery
Audio recording	Reserved for future speech features — currently unused

You can revoke camera and photo-library permissions at any time in your device's system settings. Internet access is required for sign-in and LLM features; without internet, the app stays usable in pure offline mode with locally-stored vocabulary.

9. Paid features (future)

Once the paid Pro features are activated, billing runs exclusively through your store's payment system (Apple App Store or Google Play). Anyvoc only receives confirmation from the store of whether you have an active Pro entitlement — no payment data, no credit-card details, no bank information.

We plan to use RevenueCat as the receipt-validation layer. Once that service is live, this privacy policy will be amended with the relevant section.

10. Crash reporting (future)

We plan to collect anonymous crash reports via Sentry to fix app crashes. Such reports contain stack traces, device model, and operating-system version, but no personal data, no vocabulary content, no email. Once crash reporting is active, this privacy policy will be updated accordingly.

11. Cookies and tracking

Neither the app nor the website anyvoc.eu sets any cookies of their own, uses tracking pixels, ad networks, or analytics SDKs. The website is fully static; no consent banner is required because no non-essential storage access takes place on the visitor's device (TTDSG § 25).

12. Your rights under GDPR

You have the right at any time to:

Information about the data stored about you (Art. 15)
Correction of inaccurate data (Art. 16)
Erasure of your data (Art. 17) — see also request account deletion
Restriction of processing (Art. 18)
Data portability (Art. 20)
Object to processing (Art. 21)

Where processing is based on consent, you can withdraw it at any time.

Please direct such requests to feedback@anyvoc.eu. Since we hold very little personal data server-side (only the sign-in account, if any), an information request can usually be answered within a few days.

You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority for us is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Postfach 10 29 32, 70025 Stuttgart, Germany
https://www.baden-wuerttemberg.datenschutz.de/

13. Swiss residents (FADP)

If you reside in Switzerland, the Swiss Federal Act on Data Protection (FADP / DSG, in force since 1 September 2023) applies in addition to or instead of the GDPR, depending on the processing context. The FADP grants you rights that are functionally equivalent to those listed in section 12, in particular:

Right to information about the data processed (Art. 25 FADP)
Right to have inaccurate data corrected (Art. 32 (1) FADP)
Right to have your data erased (Art. 32 (2) FADP)
Right to object to processing (Art. 30 FADP)
Right to data portability (Art. 28 FADP)

You can exercise these rights via the same email channel as for GDPR requests: feedback@anyvoc.eu.

The competent Swiss supervisory authority is:

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB) /
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, 3003 Bern, Switzerland
https://www.edoeb.admin.ch/

14. Changes to this privacy policy

We may amend this privacy policy when the app, the processing purposes, or the legal framework changes. The current version is available at https://anyvoc.eu/legal/privacy.html. For material changes we notify you in the app.